Snort mailing list archives
Re: Re: [Snort-sigs] Oinkmaster questions
From: Anthony Kim <Anthony.Kim () VWCREDIT COM>
Date: Wed, 11 Jun 2003 11:14:44 -0500
On Wed, Jun 11, 2003, Andreas Östling wrote:
On Tuesday 10 June 2003 15.05, Philip Davidson wrote:Yeah, I would like to see something that would check for updates against an md5 checksum. That would be pretty keen. Philip DavidsonI don't really see how checking the md5 checksum would be much help in this case. Just because the tarball's md5 checksum matches, it doesn't really say anything whether its content will screw things up or not.
Yes obviously md5 checksum won't help you at all. This is orthogonal to the current discussion (Whether you should automate rule update or not). The point was, md5 checksum would have been a nice addition to validate a download. If it were possible to obtain the md5 sum from a tertiary source as opposed to the same source you retrieve the rule tarball from, and if you can trust the tertiary source by consensus of other sources or by other means, you can even obtain some measure of assurance your package has not been tampered with. Is it necessary, then, to GPG sign every rule package? Are we at that point yet? I don't have the answers but rule package integrity is certainly worthwhile discussion. ------------------------------------------------------- This SF.NET email is sponsored by: eBay Great deals on office technology -- on eBay now! Click here: http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Re: [Snort-sigs] Oinkmaster questions Philip Davidson (Jun 10)
- Re: Re: [Snort-sigs] Oinkmaster questions Andreas Östling (Jun 11)
- Re: Re: [Snort-sigs] Oinkmaster questions Anthony Kim (Jun 11)
- Re: Re: [Snort-sigs] Oinkmaster questions Andreas Östling (Jun 11)